MEDIUM - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6.5	CVE-2026-48965	WordPress XCloner plugin <= 4.8.6 - Sensitive Data Exposure vulnerability_CVE-2026-48965 Subscriber Sensitive Data Exposure in XCloner	watchful	XCloner n/a	Jun 15, 2026	CVE
MEDIUM 6.5	CVE-2026-48887	WordPress JS Help Desk plugin <= 3.0.9 - Broken Access Control vulnerability_CVE-2026-48887 Unauthenticated Broken Access Control in JS Help Desk	Ahmad	JS Help Desk n/a	Jun 15, 2026	CVE
MEDIUM 6.5	CVE-2026-48880	WordPress WP Job Portal plugin <= 2.5.2 - Cross Site Scripting (XSS) vulnerability_CVE-2026-48880 Subscriber Cross Site Scripting (XSS) in WP Job Portal	Ahmad	WP Job Portal n/a	Jun 15, 2026	CVE
MEDIUM 6.5	CVE-2026-48878	WordPress Visual Link Preview plugin <= 2.4.1 - Sensitive Data Exposure vulnerability_CVE-2026-48878 Subscriber Sensitive Data Exposure in Visual Link Preview	Bootstrapped Ventures	Visual Link Preview n/a	Jun 15, 2026	CVE
MEDIUM 6.5	CVE-2026-48870	WordPress King Addons for Elementor plugin <= 51.1.62 - Cross Site Scripting (XSS) vulnerability_CVE-2026-48870 Subscriber Cross Site Scripting (XSS) in King Addons for Elementor	King Addons	King Addons for Elementor n/a	Jun 15, 2026	CVE
MEDIUM 4.3	CVE-2026-48518	MultiJuicer: Login CSRF allows attacker to force victims into their team_CVE-2026-48518 MultiJuicer is used to run separate Juice Shop instances on a central kubernetes cluster without the need for local instances. In versions 8.0.0 th...	juice-shop	multi-juicer >= 8.0.0, < 10.0.1	Jun 15, 2026	CVE
MEDIUM 6.5	CVE-2026-42752	WordPress Stripe Payments plugin <= 2.0.98 - Bypass Vulnerability vulnerability_CVE-2026-42752 Unauthenticated Bypass Vulnerability in Stripe Payments	mra13 / Team Tips and Tricks HQ	Stripe Payments n/a	Jun 15, 2026	CVE
MEDIUM 6.5	CVE-2026-42743	WordPress Masteriyo – LMS plugin <= 2.1.8 - Broken Authentication vulnerability_CVE-2026-42743 Unauthenticated Broken Authentication in Masteriyo - LMS	ThemeGrill	Masteriyo - LMS n/a	Jun 15, 2026	CVE
MEDIUM 6.5	CVE-2026-42688	WordPress Modula Image Gallery plugin <= 2.14.23 - Cross Site Scripting (XSS) vulnerability_CVE-2026-42688 Subscriber Cross Site Scripting (XSS) in Modula Image Gallery	WP Chill	Modula Image Gallery n/a	Jun 15, 2026	CVE
MEDIUM 6.5	CVE-2026-42663	WordPress Simple Membership plugin <= 4.7.2 - Cross Site Scripting (XSS) vulnerability_CVE-2026-42663 Unauthenticated Cross Site Scripting (XSS) in Simple Membership	wp.insider	Simple Membership n/a	Jun 15, 2026	CVE